Social Engineering
Generative AI lowers the cost of social engineering by orders of magnitude. Spear-phishing emails that previously required a fluent writer and target research are now produced in seconds with reasonable per-target personalisation. Voice cloning (ElevenLabs, OpenVoice, and others) enables real-time impersonation of executives and family members; multiple confirmed business-email-compromise and CFO-fraud incidents in 2023-2024 used cloned voices. Deepfake video is good enough for short verification clips and live calls under poor video conditions. Beyond direct attacks, AI-generated content fuels disinformation campaigns, fake review economies, and pig-butchering scams at unprecedented scale. AI Threat Alert tracks this category through CVEs in voice/face-recognition systems that fail to detect synthetic media, plus incidents in AIID (the AI Incident Database). Defenses: out-of-band verification for sensitive actions, deepfake detection layered with provenance signals (C2PA), and user education that assumes any voice or video can be faked.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2026-20258 | Splunk: stored XSS hijacks dashboards via HTML panel | 5.4 | |
| HIGH | CVE-2026-53823 | OpenClaw: privilege escalation via Slack display name spoofing | OpenClaw | 8.1 |
| MEDIUM | GHSA-c9cv-mq2m-ppp3 | Nuxt: open redirect + XSS in navigation API (SSR+client) | nuxt | - |
| MEDIUM | CVE-2026-53841 | OpenClaw: XSS via unsafe links in exported session HTML | openclaw | 6.1 |
| HIGH | CVE-2026-53849 | OpenClaw: auth bypass via Discord display name spoofing | openclaw | 8.1 |
| HIGH | CVE-2026-53857 | OpenClaw: display name spoofing bypasses agent allowFrom policy | openclaw | 8.1 |
| MEDIUM | CVE-2026-54303 | n8n: reflected XSS in trigger nodes enables session hijack | n8n | - |
| MEDIUM | CVE-2026-54006 | open-webui: auth bypass allows cross-user calendar injection | open-webui | 4.3 |
| HIGH | CVE-2026-49276 | Kirby CMS: XSS via writer field malicious links | getkirby/cms | - |
| CRITICAL | CVE-2026-12048 | pgAdmin 4: Stored XSS enables full browser session hijack | 9.3 | |
| MEDIUM | GHSA-vmhf-c436-hxj4 | JupyterLab: XSS via malicious PyPI extension URL | jupyterlab | - |
| HIGH | CVE-2026-50132 | Budibase: account hijack via chat identity CSRF | 7.3 | |
| MEDIUM | CVE-2026-32052 | OpenClaw: command injection via shell-wrapper argv bypass | OpenClaw | 6.4 |
| HIGH | CVE-2026-32971 | OpenClaw: approval UI spoofing enables local RCE | OpenClaw | 7.1 |
| MEDIUM | CVE-2026-35647 | OpenClaw: access control bypass allows DM policy evasion | OpenClaw | 5.3 |
| MEDIUM | CVE-2026-56358 | n8n: stored XSS in Form Trigger enables form hijacking | n8n | 5.4 |
| UNKNOWN | CVE-2026-50709 | Frappe Framework: Stored XSS in Notifications Events panel | - | |
| MEDIUM | CVE-2026-56356 | n8n: stored XSS in Chat Trigger Custom CSS field | n8n | 5.4 |
| HIGH | GHSA-xww8-gqvh-92x9 | OpenClaw: truncated approval UI masks exec payload | openclaw | 8.0 |
| MEDIUM | CVE-2026-55437 | Coder: stored XSS in agent logs risks admin session | github.com/coder/coder/v2 | 5.4 |